The Droid Army
The Lookout Mobile Security company is reporting a new trojan horse program that runs on Android-based phones. The novel thing about this trojan is that it has enough functionality to allow the criminals to assemble an Android-based botnet. This really should come as no surprise. The Android is not a phone with web browsing capabilities; it is a computer with telephony capabilities. The Android security model, while quite cool, is about as effective as the failed macro protection model in Microsoft Office 1997. For users who knew what the macro protection dialog meant, it was a fairly effective security measure, but most users simply clicked “yes” to allow macros to run. With the Android-based phones the user is told what resources the application will have access to, but few users actually care or understand the implications.
Allegedly Google has the ability to remove applications. A researcher published a non-malicious proof-of-concept app that Google removed; however, I am not certain if Google can remove non-app store applications. In the case of the Geinimi trojan, so far it has only been seen on third-party app sites in China. Given the low bar set to get apps onto the Android Market Store, expect to see this or similar trojans from time to time in Android Market applications.
The Geinimi trojan is reported to be able to receive commands from remote servers and download further software. While the software can be downloaded, the user is still prompted to install it. It probably won’t take very much to trick a naïve user into thinking the download is a valid update.
Under Application settings on the Android there is an option to allow the installation of non-market applications. AT&T does not allow non-market apps; however, most providers do. While it doesn’t take much to get on the Android Market, non-market applications will probably be more likely to be dangerous. That said, Android Market applications already often compromise privacy, although probably no more so than Apple Store iPhone apps do.
Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center – ESET LLC
3 Responses to “The Droid Army”
December 31st, 2010 at 7:30 pm
So when is the Android ESET security suite coming?
January 6th, 2011 at 4:31 pm
No word yet on if or when there will be an Android product from ESET. Sorry. I am waiting too.
July 22nd, 2011 at 8:46 pm
Thanks for sharing, it is really important to have an antivirus on anything that is a working OS these days.